Fix: Improve static file serving headers for CORS and content types

salvacybersec
2025-11-11 06:13:10 +03:00
parent ed75f1bd10
commit 3b021417f9


@@ -134,19 +134,30 @@ const frontendDistPath = path.join(__dirname, '../../frontend/dist');
const fs = require('fs');
if (fs.existsSync(frontendDistPath)) {
// Serve static files with proper headers for SPA
// Use middleware to set headers with access to request object
app.use((req, res, next) => {
// Set CORS headers for assets if needed
const origin = req.headers.origin;
if (origin) {
res.setHeader('Access-Control-Allow-Origin', origin);
res.setHeader('Access-Control-Allow-Credentials', 'true');
}
next();
});
app.use(express.static(frontendDistPath, {
maxAge: '1y', // Cache static assets
etag: true,
lastModified: true,
setHeaders: (res, path) => {
setHeaders: (res, filePath) => {
// Set proper content type for JS/CSS files
if (path.endsWith('.js')) {
res.setHeader('Content-Type', 'application/javascript');
} else if (path.endsWith('.css')) {
res.setHeader('Content-Type', 'text/css');
if (filePath.endsWith('.js')) {
res.setHeader('Content-Type', 'application/javascript; charset=utf-8');
} else if (filePath.endsWith('.css')) {
res.setHeader('Content-Type', 'text/css; charset=utf-8');
}
// Allow CORS for assets (if needed)
res.setHeader('Access-Control-Allow-Origin', '*');
// Security headers for assets
res.setHeader('X-Content-Type-Options', 'nosniff');
},
}));
}
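Review bot: The middleware added ahead of `express.static` copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and sets `Access-Control-Allow-Credentials: true`, so any website is allowed credentialed cross-origin reads on every request that passes through this path-less `app.use`, not only on static assets. Static files rarely need credentialed CORS; if they do, compare against an explicit allowlist, e.g. `if (origin && allowedOrigins.has(origin)) {` (`allowedOrigins` is a placeholder for a configured set), and add `res.setHeader('Vary', 'Origin');` so a response cached under `maxAge: '1y'` is not replayed to a different origin. This rendering does not show whether the `res.setHeader('Access-Control-Allow-Origin', '*');` line in `setHeaders` is kept; if it is, it overwrites the reflected value on served files and browsers reject `*` combined with credentials, so one of the two mechanisms should be dropped. Routes registered after this block are outside the hunk, so how far the reflected header reaches should be confirmed there.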